Slashdot Mirror

Kerbo writes "With all the hype surrounding open source PBXs (telephone switches) such as Asterisk, the user community is clamoring for more help in getting these systems up and running. The Geek Gazette has published an article on how to configure Asterisk to work with BroadVoice VoIP service and eliminate the need for the phone company."

indiejade writes "Yahoo! recently launched its take on the virtual fantasy-prediction game market. The Tech Buzz Game allows players to invest in what they think will be the "next big thing" RE high-tech products, trends, or concepts. CNet reported that the game was announced at the now-in-progress Emerging Technologies Conference in San Diego. The players with the three highest scores accumulated in the game between now and July 29th will win one of various Apple products."

Lally Singh writes "Posted yesterday on the National Security Archives was the NSA's "Transition 2001" report, prepared as an introductory report for President Bush (II)'s incoming administration. "The largest U.S. spy agency warned the incoming Bush administration in its 'Transition 2001' report that the Information Age required rethinking the policies and authorities that kept the National Security Agency in compliance with the Constitution's 4th Amendment prohibition on 'unreasonable searches and seizures' without warrant and 'probable cause,' according to an updated briefing book of declassified NSA documents posted today on the World Wide Web.""

Rolan writes "The World Intellectual Property Organization (WIPO) has announced that they will not allow most Public Interest Groups into two upcoming meetings on Intellectual Property. The EFF has a Press Release."

Eug writes "Apple just released a new version of its CHUD tools, which provides clues about dual-core G5s and quad core Macs (dual dual-core). The clues include a reference to the 970MP, which is dual-core G5 with increased L2 cache. Also, there is now support for 4 CPUs, whereas previous versions of these Mac OS X tools only supported 2. This likely means we'll see dual-core Macs by WWDC, and possibly quad Macs based off these dual-core chips by then too."

Eug writes "Apple just released a new version of its CHUD tools, which provides clues about dual-core G5s and quad core Macs (dual dual-core). The clues include a reference to the 970MP, which is dual-core G5 with increased L2 cache. Also, there is now support for 4 CPUs, whereas previous versions of these Mac OS X tools only supported 2. This likely means we'll see dual-core Macs by WWDC, and possibly quad Macs based off these dual-core chips by then too."

Dexter writes "A French Court has condemned the security researcher Guillame Tena for publishing a security vulnerability in the Viguard anti-virus software of Tegam. This ruling makes the publication of security vulnerabilities and their proof of concept through reverse engneering illegal in France."

Video game ombudsman Kyle Orland has a short post up describing an American Public Media 'Marketplace' piece discussing the increasing clout of the games industry. From his post: "The piece focuses on the increasing respect games are getting as both an artistic and business force. The reporter, Jeff Tyler, provides a good mix of hard numbers, market analysis and trend spotting."

An anonymous reader submits "David Naylor has reviewed the browser recognition capabilities of seven free website statistics services. Among other things, he kills the myth that many Opera users go unaccounted for in website statistics because of the default UA spoofing. Furthermore, he shows that the quality of browser recognition ranges from absolutely abysmal to near perfect."

Andrew Sayers writes "It seems like Netscape 8 has hit blogland, with generally positive review at blogspot.com - although it makes the point that the IE rendering mode could hurt Firefox in the long-run, because it gives sites an excuse to stick with their old IE-only designs." Ah, remember when the release of a Netscape mattered?

Cryofan writes "Michael Copps, one of the five members of the FCC, spoke on the recent controversy over legislation to outlaw municipal WiFi: "I think we do a grave injustice in trying to hobble municipalities. That's an entrepreneurial approach, that's an innovative approach. Why don't we encourage that instead of having bills introduced--'Oh, you can't do this because it's interfering with somebody's idea of the functioning of the marketplace...a municipality is a democratically run institution. They can make their own decisions. They don't need the Bells. They don't need the Administration, and they don't need me telling them what kind of decision they should be making.'"

galdur writes "Microsoft Watch reports Marc Lucovsky, one of Microsoft's key Windows architects has defected to Google. His confidence in Microsoft's ability to ship software seems to have waned, too. Some hypothesize Google working on an OS but in the wake of Google's inroads into Ajax tech applications (GMail, Suggest, Maps), I think Google may have other plans for the chief software architect for Microsoft's .Net My Services ("Hailstorm")" CT Many users are reporting 404s on the Microsoft Watch article, but its working fine for others. Hopefully they'll fix their server soon.

Rolan writes "News.com is reporting that an Appeals court has partially overturned the lower court's decision in favor of Eolas. From the story: "Microsoft on Wednesday claimed a victory in a high-profile Web browser patent dispute, as an appeals court partially reversed a lower court decision that left the software giant exposed to $565 million in damages." The article does not say what part was or was not overturned." Reader shogusumi adds a link to the ruling itself (PDF), supplies a link handy for catching up with the claims at issue here, and writes "As a refresher, this is the case that claims that the functionality provided by IE through the use of embed, applet, and object tags violates a patent owned by Eolas and the University of California."

Paul Laudanski writes "Slashdot ran an article earlier on 'iDownload Tries to Silence Spyware Critics'. Since then, the spyware critics have responded to iDownload: CastleCops, NetRN, and Sunbelt Software. InternetWeek and BroadbandReports have picked up this story as well. Brian Livingston interviewed iDownload's CEO Arlo Gilbert, who claims the letters were a success: "The majority of sites we've contacted have taken down or properly classified iSearch" and "When asked to name some of the sites that had complied, Gilbert answered, "I'm not going to share that information. It would be shooting a gift horse in the mouth."" General overview by Kye-U and Zhen-Xjell."

hlovy writes "The BBC has a piece on British Science Minister Lord Sainsbury's long-sought reaction to a yearlong Royal Society study on the environmental and societal implications of nanotechnology. I've written ad nauseam on the Royal Society report here, here and even for the Wall Street Journal here."

hlovy writes "The BBC has a piece on British Science Minister Lord Sainsbury's long-sought reaction to a yearlong Royal Society study on the environmental and societal implications of nanotechnology. I've written ad nauseam on the Royal Society report here, here and even for the Wall Street Journal here."

hlovy writes "The BBC has a piece on British Science Minister Lord Sainsbury's long-sought reaction to a yearlong Royal Society study on the environmental and societal implications of nanotechnology. I've written ad nauseam on the Royal Society report here, here and even for the Wall Street Journal here."

hlovy writes "The BBC has a piece on British Science Minister Lord Sainsbury's long-sought reaction to a yearlong Royal Society study on the environmental and societal implications of nanotechnology. I've written ad nauseam on the Royal Society report here, here and even for the Wall Street Journal here."

Opera Watch writes "Opera has introduced a fix for the IDN spoofing security vulnerability in its latest beta version. The new version, Opera 8.0 beta 2, was released today on its FTP directory. No official announcement from Opera yet. Opera has created a white list for safe top-level domain names which include .no, .jp, .de, .se, .kr, .tw, .cn, .at, .dk, .ch, and .li. Sites not in the white list will show the encoded domain (with the IDN characters) in the URL field. The list is updated automatically when Opera checks for a new version."

duncan bayne writes "I have just installed Vector Linux SOHO 5.0 RC2 on my old P150 laptop. Overall I was very impressed, and have posted a brief review on my blog. This distro has a lot to offer, especially to schools and other organisations trying to extract more useful life from obsolete hardware."

nazarijo (Jose Nazario) writes "With regulatory compliance hanging over so many peoples' heads (GLBA, SOX, HIPAA, etc), information security and related fields have taken on a new twist in recent years. To that end, a number of people are looking at formal evaluation methods like OCTAVE to help guide them through the tricky world of audits. It's a sensible move, too, because you want something documented, thorough, and demonstrable when it comes to an audit, and preferably something objective. The book Managing Information Security Risks: The OCTAVE Approach by Christopher Alberts and Audrey Dorofee is intended to help you fill this need." Read on for the rest of Nazario's review. Managing Information Security Risks: The OCTAVE Approach author Christopher Alberts and Audrey Dorofee. pages 471 publisher Addison-Wesley Longman rating 5 reviewer Jose Nazario ISBN 0321118863 summary An introduction to information security risk management using the OCTAVE method

Authors Alberts and Dorofee are the principal developers of OCTAVE and are staff members at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU), where CERT has offices. As such, they're the right people to describe OCTAVE. The CERT OCTAVE website area explains the process in more detail. Needless to say, OCTAVE is a very large, complex, heavy process for an organization to go through, with some arguable benefits. Very few organizations have done so to the best of my knowledge -- most of them are scared off by the complexity of the whole undertaking.

This brings up a very important point. It's important to state the difference between a critique of the OCTAVE method and the book itself. OCTAVE is interesting in that it's an attempt to formalize the complex process of information security evaluations. Despite its shortcomings and turnoffs, it has a purpose, and I wont dispute it for the most part. The book, instead, covers an abbreviated format of OCTAVE. It's important to focus on the strengths and weaknesses of the book and not the topic.

The books is organized into three main parts. Part 1 (covering chapters 1 and 2) is an introduction to the principles being discussed in the book. The method itself, and therefore these chapters, focus on a formal evaluation of information security risks and how to manage them. The principles focus on enumeration of assets, their threats and vulnerabilities, and then remediation of the threats to minimize the risk. The section introduces the core concepts to this philosophy.

Part 2 of the book, covering chapters 3 through 11, server two main purposes, preparation and then execution of the method. Chapter 3 introduces the fundamentals of the OCTAVE method, specifically how the three phases (asset-based threat profiles, vulnerability identification, and security strategy planning) fit together. The inputs of the method and its outputs are then described; you'll be using them in later chapters. Chapter 4 helps you prepare for the approach in your organization, including how important it is to get management buy-in, who will participate, and how to organize the evaluation. Project managers will adore this chapter.

The next few chapters cover the meat of the OCTAVE method. Chapter 5 covers processes 1 to 3, where assets are enumerated and the current state of the security profile is captured, as well. This step is crucial for building a baseline and knowing what you'll have to cover. Chapter 6 leads you through the threat profile, where you examine assets that you've identified as critical and the security requirements for them. And finally, in Chapter 7, the basic identification steps are done as you identify critical infrastructure components to examine later on. This is done so that you can work efficiently, as opposed to studying every asset in depth. By studying classes of assets you can (hopefully) achieve the same coverage without spending valuable time repeating the process.

Chapters 8 and 9 deal with the commonly understood parts, the actual vulnerability and risk analysis. Chapter 8 discusses vulnerability assessment tools and some basic questions to ask about them, but leaves the actual evaluation of those tools up to another text. Chapter 9 then helps you undertake the actual risk analysis, such as the impact of any threat being realized or the probability that one would be encountered. This is what most people think of when they think of an information security audit.

This gets to what is perhaps my biggest complaint about the book. It doesn't teach you how to think creatively about threats to information security. Instead, you're told to enumerate assets and threats against them via brainstorming, as though you'll somehow "get it" the first time (or every time). For someone new to the field, this can be hard, because not all assets are obvious -- and not all threats are understood. It's a hard skillset to teach, but it should have been attempted with more gusto.

Chapters 10 and 11 close the big circle of an information security audit, by developing an information security protection strategy. It's basically a series of outlines of meetings and their agendas as you present the findings of the evaluation but are (obviously) vague in the absence of any concrete findings.

This is probably a good time to raise another objection to this book. My second biggest complaint is that the authors never cut to the heart of what the OCTAVE method is trying to do. Sure, the book covers a stripped-down version of OCTAVE, but it doesn't ever get at how you can really adapt this to your organization. Instead, it's a series of rigid steps in the OCTAVE method. If you attempt to do something different for whatever reason, you're on your own. Again, an attempt to work in some flexibility beyond what is present in Chapter 12 (An Introduction to Tailoring OCTAVE, the start of part 3) would have been welcome. This chapter just keeps you inside the narrow confines of the OCTAVE approach.

Chapter 13 attempts to bring this home by discussing the practical applications for an organization. They attempt to discuss how a small company would utilize OCTAVE, but to be honest it's so heavy and time-consuming it's hard to see how they would employ anything but the barest of concepts to their workflow. Three other examples are given: a very large distributed organization, an integrated Web portal service provider (which faces unique threats), and large and small organizations. Again, while this chapter attempts to show how to tailor OCTAVE to anything but the largest and most diligently staffed of organizations, it falls to get to the salient points of the method. Instead, it tries to foist the process on them.

Finally, chapter 14 tries to bring it all home and discuss the information security life cycle of analysis, monitoring, control, and implementation (not in that order). They hope that OCTAVE has become a part of this process and show how it complements and matures this process. Instead, I wonder if an organization will think about the effort they just expended and be reluctant to do this again. The appendices are piles of worksheets, charts and workflows to go through with OCTAVE. You can make photocopies and use them if you implement the OCTAVE approach. It's very hard to take consider these methods strong enough when you read about the report card government agencies received for information security. While they may have not been following OCTAVE, it's hard to see how a book that so superficially treats the subject matter can help anyone do better. Almost everything is just a high-level line-item risk-and-mitigation strategy. Things like "Our organization cannot deliver effective or efficient health care without PIDS" and an impact of "High" are, to put it mildly, interesting in their superficiality. So many things are simply glossed over, yet so many worksheets remain. On the other hand, if a fair treatment of threats, assets, and the like were fully discussed the book would be many more volumes, a significantly more tedious tome, and too sensitive to the shifting sands of time.

Overall the book does a decent job of covering OCTAVE's core premises, but doesn't really provide much beyond that. It's a complex process that doesn't work well for a number of organizations. Instead of helping organizations see how to use it, the authors simply keep presenting OCTAVE for what it is, which makes me question the value of this book beyond someone who has already decided to implement OCTAVE. It doesn't seem like it has a lot to offer anyone who doesn't have a large body of knowledge in information security management and a staff to deploy with worksheets in hand. The book simply fails to contribute greatly beyond the very narrow specifics of OCTAVE.

You can purchase Managing Information Security Risks: The OCTAVE Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

derek_farn writes "First there were printers that would would only work with vendor annointed ink cartridges; now we have laptops that will only boot with vendor annointed PCI cards. Keeping a list of approved PCI cards in the bios is one way of ensuring that customers renew their maintenance contracts. How else are they going to be able to plug in a PCI card released after the last BIOS update?" My HP laptop is several years old; can anyone confirm this?

wiggles writes "The City of Chicago recently completed a $475 million park/civic center known as Millennium Park. One of the central features is a sculpture officially called Cloud Gate and unofficially called "The Bean". The Bean is a giant, 3 story, 110-ton hunk of highly reflective steel. Photographers taking pictures of the sculpture have been charged money by the city. The park district is claiming that pictures of the park violate the designers' and artists' copyrights. Quoth Karen Ryan, the press director for the park's project, "The copyrights for the enhancements in Millennium Park are owned by the artist who created them. As such, anyone reproducing the works, especially for commercial purposes, needs the permission of that artist." In response, Chicagoland bloggers have been posting as many pictures as they can get of The Bean."

jvm writes "Markos of Daily Kos wrote today of what he describes as the legacy of blogging: open source. Not software, but the philosophy. From the article: "When I'm asked about blogging's legacy, I talk about open source. Open source politics, open source activism, open source journalism -- the aggregation of thousands on behalf of a common cause." Relatedly, egoff writes "You might have seen some coverage of Jeff Gannon, a conservative reporter who lobbed softball questions during White House press briefings. It was discovered that he was using an alias to get past White House security. The language of open source development is used throughout their description of the reporting process. At Poynter Online, journalists discussing this story have compared the random blog readers who did the bulk of this research to "what Woodstein did back in the day.""

Rik writes "Thursday night the Dutch parliament has decided that the Dutch government should not vote for the EU Software Patent Directive at the European Council of Ministers next week. The decision of the Dutch parliament strengthens attempts of MEPs of the European Parliament to send the Software Directive back to the drawing board."

Rik writes "Thursday night the Dutch parliament has decided that the Dutch government should not vote for the EU Software Patent Directive at the European Council of Ministers next week. The decision of the Dutch parliament strengthens attempts of MEPs of the European Parliament to send the Software Directive back to the drawing board."

An editorial posted on The Adrenaline Vault posits that talented gamers are not always the best reviewers because of the necessity for those with elite skills to care as much as they do about their performance. The best reviewers, on the other hand, are generally somewhat detached from the subject material. From the article: "Spending 50 hours playing an offering when you are focused exclusively on trying to win certainly would yield very different insights than spending the same 50 hours trying to evaluate the title's strengths and weaknesses to help inform the general public about purchasing decisions." Kyle Orland's Video Game Ombudsman has further analysis on this subject.

Fokker writes "Reuters reports that scientists from around the world launched a project on thursday to genetically identify species using bar codes. By taking a snippet of DNA from all the known species on Earth and linking them to photographs, descriptions and scientific information, the researchers plan to build the largest database of its kind."

jgwebber writes "Google Maps is starting to cause a bit of a stir as Google makes the browser do still more backflips than most expected. In the tradition of dissecting Google Suggest and GMail, I've done a little dissecting of this newest service."

DaHat writes "Don Box, one of the authors of the original SOAP specification in 1998, now an architect on Microsoft's next generation Indigo platform recently responded to James Gosling's remarks regarding huge security holes within the .NET Common Language Runtime (CLR). Don argues that the same 'flaws' that Gosling noted in the .NET CLR exist both within the Solaris operating system as well as the JVM, both of which support execution of C and C++ code, as well as explaining why this is not necessarily a bad thing."

dirvish writes "Information Week has a story discussing copyright issues and legal rights associated with employee blogs and RSS readers. Recently, some companies have come out with formal weblog policies and others have fired employees for inappropriate blogging. With an increase in official company blogs, and some large companies like Microsoft and Google offering popular blogging services, the issues become even more clouded. Some bloggers are beginning to speak out about corporate and government control, others would probably prefer to not risk their jobs."

Pablo Martinez-Almeida writes "Skype has just announced full versions of its software for Mac OS X and for Linux. Now I'm only waiting for some conversations recording feature. (via Om Malik on broadband)"

lewsmind writes "The Register has a scoop on the new PowerBook G5. According to this article at the Apple website has hidden clues that suggest the coming of the PB G5 very soon. ."

KaiEl writes "Is Nintendo being penalized in the press for releasing their Nintendo DS before Sony's PSP? That's the quesiton I ask in a recent post on The Video Game Ombudsman. While DS games are being held up to the harsh standard of hands-on reviews, PSP coverage is mostly rosy glow previews and lofty PR promises. Readers comparing the two very different types of writing might notice a "preview bias" that seems endemic to video game writing. Is this a serious problem, or am I just expecting too much from what is simply a preliminary review?"

KaiEl writes "Is Nintendo being penalized in the press for releasing their Nintendo DS before Sony's PSP? That's the quesiton I ask in a recent post on The Video Game Ombudsman. While DS games are being held up to the harsh standard of hands-on reviews, PSP coverage is mostly rosy glow previews and lofty PR promises. Readers comparing the two very different types of writing might notice a "preview bias" that seems endemic to video game writing. Is this a serious problem, or am I just expecting too much from what is simply a preliminary review?"

zmarties writes "In a very low key announcement on his blog, Ben Goodger, lead developer for Firefox, has announce that effective from a couple of weeks ago, he has become a Google employee. In practice his day to day job won't change that much, in that he will still lead Firefox through its forthcoming releases, but with Google paying his wages, we can be sure that new and interesting overlap between the Mozilla Foundation's browsers and Google's services are sure to develop."

flinderhans writes "Jeff Pulver, the guy who started Free World Dialup (free VoIP network) and had the germ of the idea that turned into Vonage, has launched a P2P network called Bellster that allows users to share their private lines to make calls anywhere on the public-switched telephone network. Interesting stuff, even if it doesn't look quite ready for prime-time."

dos_dude writes "This year's Spam Conference is over. As usual, the MIT provides low and high bandwidth webcasts. The talks featured a full spectrum of anything possible. From absurd to sound, from boring to entertaining, and from dead-horse-beating to brand-new. Highlights: John Graham-Cumming presented the results of the survey he did with the help of many Slashdot readers, Jon Praed gave the details of the trial against spammer Jeremy Jaynes and friends, Brian McWilliams posed the question what will happen when all spam is finally filtered, and Matthew Prince plugged Project Honeypot in a very entertaining way. Shameless but useful plug: here's the final schedule with links to the webcasts."

Chris Holland writes "As voice communications are evolving beyond traditional phone systems and making better use of the Internet, Aswath Rao is offering regulation-advocating counterpoints to Dr. Daniel Ryan's original analysis of various VoIP industry players' arguments for deregulation. Many of the above discussions revolve around closed, regulatory-scrutiny-fostering voice communications ecosystems reserved to a small, resourceful elite. Meanwhile, an open Internet protocol which provides support for all forms of real-time communications including Text, Voice and Video, with a few open-sourced server implementations and free client solutions is starting to gain serious ground: The Session Initiation Protocol enables just about anybody with little resources to become their own Real-Time Communications Giant."

jdray writes "An experiment onboard the Huygens probe didn't run as planned because someone forgot to turn it on. The team lead for the experiment has put eighteen years of his life into the project, just to watch it not happen after a seven year ride to its destination on Titan."

theodp writes "27-year-old graphic artist Jeff Tweiten lives on a periwinkle blue, fold-out futon on the sidewalk in front of the Cinerama Theatre in downtown Seattle. He is not homeless, but camping out for 139 days. Waiting. For what, you wonder? Tweiten is waiting for Star Wars: Episode III - Revenge of the Sith, which opens May 19. And yes, he's keeping a blog. 14 days down. 125 to go." In other Star Wars news: dbottaro writes "Who wants a JL421 Badonkadonk? NAO Design has built a functional Sandcrawler, ala Star Wars Episode IV. Complete with blaster-deflecting sidewalls, full interior carpeting, seating for five and a 400 watt stereo system." Reader dankinit writes "For all you Star Wars fans, a Darth Tater Mr. Potato Head will be released in February by Hasbro Inc. The new covers for the Episode III books due out a month before the movie were also posted today."

Jane_the_Great writes "In an article in the Wall Street Journal it is "revealed" that during the 2004 primaries, the Howard Dean campaign hired bloggers hoping that positive things would be said of Dean in the blogs. The news is from the horse's mouth." It's hard to believe that the WSJ is equating prominently disclosed campaign consulting with secret payments from the U.S. Government treasury to TV personalities in order to promote Republican policies, but they are. (Obeying media rule #1, "Both sides are equally bad", even if they aren't.) Nevertheless, there's an interesting, deeper issue: how transparent should blogging (and all media) be? How could transparency possibly be enforced?

Opera Watch writes "Opera Software today announced that it would offer free licenses to higher education institutions. This is a change from the previous cost of $1000 (US) for unlimited licenses. It remains to be seen, however, whether Opera will allow schools to give standard Opera licenses to students to use on personal computers/laptops within campus at no additional cost, that came with the $1000 license fee. This comes after a respected university advised its students not to use Internet Explorer, for its lack of security. Opera Software said they are doing so in an effort to meet the student and university need for security on the Internet."

Opera Watch writes "Opera Software today announced that it would offer free licenses to higher education institutions. This is a change from the previous cost of $1000 (US) for unlimited licenses. It remains to be seen, however, whether Opera will allow schools to give standard Opera licenses to students to use on personal computers/laptops within campus at no additional cost, that came with the $1000 license fee. This comes after a respected university advised its students not to use Internet Explorer, for its lack of security. Opera Software said they are doing so in an effort to meet the student and university need for security on the Internet."

Rolan writes "Yahoo! has released to BETA their Desktop Search Tool. It has a much longer list of file types that it will search, including compressed files, than the Google Desktop Search Tool. Though, the usefulness of a good number of those file types would come into question for most people."

Rolan writes "Microsoft announced several Mac software updates at Macworld. Updates include MSN Messenger 5.0 and Improved Outlook imports (PST File import). The article also says Microsoft has also been working with Apple to ensure that Apple's Spotlight search technology works well with Office documents."

DaHat writes "Hot on the heels of their release last week of Microsoft AntiSpyware, Microsoft today released their very own Malicious Software Removal Tool with the claim that it will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sassier, and Zindos from your Windows 2000, XP or 2003 machine. Microsoft also promises to release an updated version of the tool on the second Tuesday of each month."

rikomatic writes "The Asian tsunami in December has dramatically shown how much SMS, email and the web are now indispensible parts of disaster recovery. The folks at the Digital Divide Network have organized a virtual conference on 'How New Media and the Internet are Reshaping Tsunami Relief Efforts' on Wednesday, Jan 12 at 10am, EST. Among the featured speakers will be Dina Mehta, co-founder of the Southeast Asia Earthquake and Tsunami Blog. In the hours following the tsunami, she and a group of South Asian bloggers created the volunteer-driven web portal for tsunami relief news and resources. Beyond using IT to coordinate post-disaster relief efforts, early warning is another critical need. Hopefully the UN's World Conference on Disaster Reduction in Kobe, Japan later this month will address the IT infrastructure needed to make sure that people get advance warning before the next natural disaster strikes."

KFZ Versicherung writes "Space.com is reporting on the largest explosion ever seen in space. The outburst is orchestrated by a supermassive black hole that anchors a distant galaxy sitting amid a tight cluster of galaxies. The black hole has blown two huge bubbles into the galaxy, shoving aside a colossal amount of gas equal to the mass of a trillion Suns, or more than all the stars of our own Milky Way Galaxy."

Ian@falsepositives.com writes "Lots of discussion going on about 'folksonomies' -- bottom-up taxonomies that people create on their own -- as used in Del.icio.us and Flickr: Adam Mathes has a thesis on Folksonomies; IFTF's Future Now makes a point about problems with folksonomies: no synonym control ( "mac" and "macintosh" on Del.icio.us); no hierarchy and content types; and only simple one-word tags. Joho the Blog notices a discussion about what to call it in Mob indexing? Folk categorization? Social tagging?, and John Battelle links into Taggle and "federated tagging". I wonder if a Google Suggest like system might reduce 'lazy tagging' ,and maybe synonym control when the federation appears. Tag, you're it!"